Quick example for setting up reverse SSH tunnels on clients which can be controlled from the server anywhere. This example presumes all the clients has a unique id, for example 9001, 9002, 9003, 9004 etc.
Let's say we have 10 clients stuck behind a firewall we'd like to access.

Start the SSH server on all clients like this:

ssh -R 1xxxx:localhost:22 user@server.com // replace xxxx with this client's unique id

Now we have all our clients setup with a reversed ssh tunnel.
If we'd like to ssh into id 9003 we run the following command from the server:

ssh user@localhost -p 19003

Lets ssh into 9005 instead:

ssh user@localhost -p 19005

Replace user with a local user on the client machine.


I want to ssh into my Raspberry Pi. Local username is pi.

  • Step 1 - setup reverse ssh tunnel on the raspberry:
    ssh -R 19999:localhost:22 kek@it-db.com

  • Step 2 - from my "it-db.com" server I run the following command:
    ssh pi@localhost -p 19999

Combining with sshpass and autossh

sshpass -p "mypassword" autossh -R 19999:localhost:22 user@server.com

Next Post Previous Post